1 Answer
1

As far as I know ec2 security group setting is independant of instance-wise firewall rules. Think of the ec2 security group as a firewall layer on top of the firewall of your ec2 instance. So a port is reachable if and only if security group has it open and firewall inside your instance is not blocking that port. Either layer's blocking on port will make the port unreachable.